The Scan Ladder


Rung Overview

Rung definitions are not fixed, and may be reorganized from time to time as new software tools are made available by Coverity.

A project's rung is based on the degree of experience the developers have built up with the Coverity Prevent toolset, their communication with Coverity, and their progress at addressing the issues found by the analysis results.

If a project is listed at a lower rung than in the past, check the Rung History section for details. The rung definitions may have been revised.

Normally, functionality will not be taken away from a project once it has been granted.

Coverity may advance a project at its discretion, if Coverity feels that the developers are ready for additional features, and it would be an advantage to the userbase of the project.

The following items are the details of all the rungs that have been announced.

 

Rung 0

The first rung is rung 0. At rung 0, a project has been built and analyzed by Coverity's Scan infrastructure, but no representatives of the open source project have come forward for access to the analysis results.

Since no members of the project have access to the results at this stage, defect information is NOT listed on the display.

Sometimes these projects are ones suggested by individuals sending email to the Scan administrator.  Sometimes Coverity proactively selects projects based on their significance to the open source community.

If a project is interested in its developers having access to the analysis results, a developer can follow the Contact link for the project in rung 0, and get more information.

If a project's name, as listed on rung 0, is not correct, the project contacts should include the preferred name formatting when sending the request to move to rung 1.

If a project is not interested in its developers having access to the analysis results, a developer can follow the 'Contact' link for the project in rung 0, and request that it be removed from the Scan Web site.

Projects progress to the next rung by selecting a set of official contacts to represent the project to Coverity.

 

Rung 1

The next rung is rung 1. At rung 1 and above, Coverity supplies a mailing list for developers to discuss analysis results, and to facilitate communication from Coverity about questions from the project or additional functionality being made available.

Developers in projects at rung 1 are eligible for a login to the analysis results GUI. Requests will be approved by the project's official contacts.

At rung 1, the analysis is performed on a recent release version from the project. As new releases are issued, the project contacts can request an update of the analysis results.

The analysis results at rung 1 do not include all of the checks that Coverity Prevent is capable of performing. In order to make it easier for developers to become accustomed to the analysis results, results at this rung are restricted to some of the most straightforward defect types. By introducing the analysis results in manageable pieces, developers can become familiar with the tools and the defect resolution process without being overwhelmed.

Rung 1 is roughly equivalent to the Scan experience of projects in Scan's first year, with the exception of the new mailing list for communication and project contacts. Additionally, projects included in Scan's first year were built from the head of their development source tree. New projects will receive that functionality at a higher rung. Projects from the first year are grandfathered in, and will continue to be built as they have been.

Projects progress to the next rung by reaching a reasonably low defect count in the basic issue types, appropriate for the size of the project codebase.

Future Rungs

Details of the rungs above 1 will be released when a Scan member project reaches that stage.

This is imminent, since 14 of the original Scan member projects reached zero defects in the first year of Scan.

There will be a delay before advancing to Rung 2, while those projects are brought in line with the new mechanisms that are part of the Scan Ladder, such as mailing lists and project representative selection.

Rung History

The current rung configuration is unchanged since its launch on Mar 6th, 2007.

 

 

 
     